January 17, 2017
Netsurion and EventTracker Global CISO John Christly has been named to the Payment Card Industry Security Standards Council (PCI SSC) Small Merchant Task Force. As a seasoned IT security professional, Christly will serve as a voice for SMBs and multi-location merchants to help make PCI compliance even more achievable and payment data even more secure. Netsurion is a leading provider of managed data and network security services for multi-location businesses, and its subsidiary EventTracker is an innovator in security information and event management (SIEM) technology.
SMB retailers vary from small operations with one or a few locations, to larger entities with many edge locations, such as franchises or branch offices. The dispersed nature of their businesses can create security gaps and challenges, leaving them vulnerable to data breaches. Operating remotely with minimal IT budgets and internal resources, they often cannot fortify their payment systems on their own—let alone efficiently gain and maintain their PCI compliance.
These types of small, remote franchise locations present a huge risk to leading brands across the retail, restaurant, and hotel sectors. Reputational damage and revenue loss from breach news going public impact the individual edge locations, as well as the corporate brand on a national or global scale. Clearly, more needs to be done to improve security at each and every location under the brand umbrella.
According to the 2016 Verizon Data Breach Investigations Report, “remote attacks against the environments where card-present retail transactions are conducted” resulted in 534 total incidents, of which 525 had confirmed data disclosure.
The Small Merchant Task Force is a dedicated global effort to help improve payment data security for small businesses. Co-chaired by Barclaycard and the National Restaurant Association (NRA), the task force collaborates on guidance and resources that simplify data security and PCI Data Security Standard (PCI DSS) compliance for some of the most vulnerable businesses preyed upon by cybercriminals.
The task force relies on cross-industry expertise to develop resources that help small merchants understand why and how to protect payment card data and resolve risks to their businesses. Specifically, the group provides:
- Best Practices: Recommendations on what is needed to protect the payment environment, including working with security assessors, vendors, and service providers
- Simplified Guidance: Easy-to-understand content and resources unique to small business needs that will help them take advantage of PCI best practices, standards, training programs, and solutions
- Market Insight: Ongoing input to PCI Council on current trends, issues, and concerns for small merchants
Christly has more than 25 years of experience in technical and cybersecurity-related operational, project, and program management, as well as industry regulations including PCI DSS, HIPAA, HITECH, and more. He formerly served as the CISO and HIPAA security officer for Nova Southeastern University in Florida and was the co-founder and CEO for OMC Systems, a Florida-based cybersecurity advisory firm.
According to Christly, “All businesses, even small merchants, need to be able to quickly detect and prevent threats from causing massive damage to their networks and systems, by monitoring and protecting all of their endpoints. A managed firewall is essential but no longer a significant enough barrier on its own. Risk mitigation has become crucial, including monitoring outbound traffic for exfiltrating data.”
He currently leads cybersecurity and compliance efforts for Netsurion and EventTracker, providing support to in-house corporate teams, customers, and partners. This post enables him to consistently gain insights into small merchant compliance pains and needs, making him a valuable addition to the task force.
“Both Netsurion and EventTracker have fingers on the pulse of many SMB operations and their compliance needs, so we understand the struggles that they go through,” said Kevin Watson, CEO of Netsurion. “We are honored that John is representing our companies within the group and helping to shape the PCI standard to better meet the needs of our customers and small merchants everywhere.”
“On every device, computer and network there are new methods thieves are creating to steal data from companies around the world, and smaller businesses are particularly at risk,” said PCI SSC International Director Jeremy King. “Having a group that is focused on this specific challenge is a critical part of our work to increase security awareness and defend against breaches globally. It’s great to have Netsurion and EventTracker, and a wide variety of industries and geographies on board, and we look forward to working together to better protect small businesses.”
For more information on the PCI SSC Small Merchant Task Force, please visit https://www.pcisecuritystandards.org/pci_security/small_merchant
Netsurion powers secure and agile networks for highly distributed and small-to-medium enterprises and the IT providers that serve them. In such environments, the convergence of threat protection and network management is driving the need for greater interoperability between the NOC (network operations center) and the SOC (security operations center) as well as solutions that fuse technology and service to achieve optimal results. To this end, Netsurion has converged purpose-built network hardware, innovative security software, and flexible managed services. Netsurion’s SD-Branch solution, BranchSDO, is a comprehensive network management and security solution consisting of SD-WAN, next-gen security, cellular, Wi-Fi, and PCI DSS compliance tools and support. At the heart of the solution is the CXD, Netsurion’s SD-WAN edge appliance. Netsurion’s Security Operations solution, EventTracker, delivers advanced threat protection and compliance benefits in a variety of deployment options: a SIEM platform, a co-managed SIEM service with 24/7 SOC, and a managed SIEM for MSPs.
Twitter: @Netsurion
Deb Montner, Montner Tech PR